From: Jakub Slepecki <jakub.slepecki@intel.com>
To: intel-wired-lan@lists.osuosl.org
Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
przemyslaw.kitszel@intel.com, anthony.l.nguyen@intel.com,
michal.swiatkowski@linux.intel.com, jakub.slepecki@intel.com,
aleksandr.loktionov@intel.com
Subject: [PATCH iwl-next v2 0/8] ice: in VEB, prevent "cross-vlan" traffic
Date: Tue, 25 Nov 2025 09:34:48 +0100 [thread overview]
Message-ID: <20251125083456.28822-1-jakub.slepecki@intel.com> (raw)
Currently, packets that match MAC address of a VF will be sent to loopback
even if they would cross VLAN boundaries. Effectively, this drops them.
In this patch series, we aim to address this behaviour by adding MAC,VLAN
to complement what MAC-only filters do to select packets for loopback.
To reproduce the issue have E810 connected to another adapter, then:
ip l set $pfa vf 0 vlan 4
ip l set $pfa vf 1 vlan 7
ip l set $pfb vf 0 trust on spoof off vlan 4
ip l set $pfb vf 1 trust on spoof off vlan 7
ip l set $vfa0 netns $netns0 up
ip l set $vfa1 netns $netns1 up
ip netns exec $netns0 ip a add 10.0.0.1/24 dev $vfa0
ip netns exec $netns1 ip a add 10.0.0.2/24 dev $vfa1
ip l add $br type bridge
ip l set $vfb0 master $br up
ip l set $vfb1 master $br up
ip l set $br up
Where $pfa is the E810 and $pfb is its link partner. Send the packets
between $vfa0 and $vfa1. We expect to see ICMP packets at the $br.
Instead, ARP is unable to resolve the 10.0.0.1 because the reply is
stuck in the internal switch.
Changes in v2:
- Use FIELD_GET et al. when handling fi.lb_en and fi.lan_en.
- Rename /LB_LAN/ s/_MASK/_M/ because one of uses would need to break
line.
- Close open parenthesis in ice_vsi_update_bridge_mode() description.
- Explain returns in ice_vsi_update_bridge_mode().
v1: https://lore.kernel.org/intel-wired-lan/20251120162813.37942-1-jakub.slepecki@intel.com/T/
Jakub Slepecki (7):
ice: in dvm, use outer VLAN in MAC,VLAN lookup
ice: allow creating mac,vlan filters along mac filters
ice: do not check for zero mac when creating mac filters
ice: allow overriding lan_en, lb_en in switch
ice: update mac,vlan rules when toggling between VEB and VEPA
ice: add functions to query for vsi's pvids
ice: in VEB, prevent "cross-vlan" traffic from hitting loopback
Michal Swiatkowski (1):
ice: add mac vlan to filter API
drivers/net/ethernet/intel/ice/ice_fltr.c | 104 +++++++++++++++++-
drivers/net/ethernet/intel/ice/ice_fltr.h | 10 +-
drivers/net/ethernet/intel/ice/ice_lib.c | 56 ++++++++++
drivers/net/ethernet/intel/ice/ice_lib.h | 2 +
drivers/net/ethernet/intel/ice/ice_main.c | 56 +++++++---
drivers/net/ethernet/intel/ice/ice_switch.c | 79 +++++++++----
drivers/net/ethernet/intel/ice/ice_switch.h | 13 ++-
drivers/net/ethernet/intel/ice/ice_vf_lib.c | 8 +-
.../net/ethernet/intel/ice/ice_vlan_mode.c | 12 ++
9 files changed, 295 insertions(+), 45 deletions(-)
--
2.43.0
next reply other threads:[~2025-11-25 8:35 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-25 8:34 Jakub Slepecki [this message]
2025-11-25 8:34 ` [PATCH iwl-next v2 1/8] ice: in dvm, use outer VLAN in MAC,VLAN lookup Jakub Slepecki
2025-11-25 8:34 ` [PATCH iwl-next v2 2/8] ice: allow creating mac,vlan filters along mac filters Jakub Slepecki
2025-11-25 8:34 ` [PATCH iwl-next v2 3/8] ice: do not check for zero mac when creating " Jakub Slepecki
2025-11-25 8:34 ` [PATCH iwl-next v2 4/8] ice: allow overriding lan_en, lb_en in switch Jakub Slepecki
2025-11-25 8:59 ` Loktionov, Aleksandr
2025-11-28 11:55 ` Jakub Slepecki
2025-12-01 7:37 ` Loktionov, Aleksandr
2025-12-02 13:54 ` Jakub Slepecki
2025-11-25 8:34 ` [PATCH iwl-next v2 5/8] ice: update mac,vlan rules when toggling between VEB and VEPA Jakub Slepecki
2025-11-25 8:52 ` Loktionov, Aleksandr
2025-11-28 8:29 ` Jakub Slepecki
2025-11-28 8:36 ` Loktionov, Aleksandr
2025-11-28 12:28 ` Jakub Slepecki
2025-12-01 7:41 ` Loktionov, Aleksandr
2025-11-25 8:34 ` [PATCH iwl-next v2 6/8] ice: add functions to query for vsi's pvids Jakub Slepecki
2025-11-25 8:34 ` [PATCH iwl-next v2 7/8] ice: add mac vlan to filter API Jakub Slepecki
2025-11-25 8:34 ` [PATCH iwl-next v2 8/8] ice: in VEB, prevent "cross-vlan" traffic from hitting loopback Jakub Slepecki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251125083456.28822-1-jakub.slepecki@intel.com \
--to=jakub.slepecki@intel.com \
--cc=aleksandr.loktionov@intel.com \
--cc=anthony.l.nguyen@intel.com \
--cc=intel-wired-lan@lists.osuosl.org \
--cc=linux-kernel@vger.kernel.org \
--cc=michal.swiatkowski@linux.intel.com \
--cc=netdev@vger.kernel.org \
--cc=przemyslaw.kitszel@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox